[Chromium] Crash when closing a tab with accelerated 2d canvas
https://bugs.webkit.org/show_bug.cgi?id=62324
Upon graphics context destruction, it is important to signal skia
to abandon all of its resource handles. This prevents a crash caused
by skia attempting to release resources that were in the destroyed
graphics context.

[Chromium] Crash when closing a tab with accelerated 2d canvas
https://bugs.webkit.org/show_bug.cgi?id=62324
In GraphicsContext3DInternal::setContextLostCallback we are passing a
non-refcounted ptr to a refcounted member. This can cause an access
violation after the destruction of GraphicsContext3D. Upon destruction
a null callback is sent to setContextLostCallback, which is good
except that it gets placed in a non-null adapter object. This fix
prevents the creation of the adapter when the callback is null, thus
preventing a later crash.

Hopefully last change to features.gypi - set ENABLE_REGISTER_PROTOCOL_HANDLER based off of the variable set
in chromium's common.gypi. Should green up the chromium linux tester on build.webkit.org.

Test that we don't trigger asserts when re-entering the parser from
tree construction.

fast/parser/document-write-onload-nesting-expected.txt: Added.

fast/parser/document-write-onload-nesting.html: Added.

fast/parser/document-write-onload-ordering-expected.txt: Added.

fast/parser/document-write-onload-ordering.html: Added.

The exact ordering of the script execution here differs a bit
between browsers. For example, Firefox executes the scripts in a
slightly different order because Firefox runs the parser on a
separate thread (and therefore cannot be re-entered from tree
construction). If/when we move the parser off the main thread,
we're likely to change the ordering here a bit, which should be
ok.

Expose the spell checking functionality to the UAs through a
generic interface, and provide a default Enchant-based
implementation. On top of allowing UAs to use this functionality
this makes it possible to change the spell checking backend at
runtime.

GNUmakefile.am: add new files.

WebCoreSupport/EditorClientGtk.cpp:
(WebKit::EditorClient::EditorClient): set the spell checker using
the new classes.

Use correct CFURLStorageSessionRef definition on Leopard, as
we created an inconsistency in const-ness between
WebCoreSystemInterface.h and these two files in the case
of Leopard only.
https://bugs.webkit.org/show_bug.cgi?id=62223

Sync ScrollbarThemeChromiumMac.mm/.h with ScrollbarThemeMac.mm to pick up support for overlay scrollbars. The only changes are renaming ScrollbarThemeMac to ScrollbarThemeChromiumMac and using runtime checks instead of #ifdef's.

No new tests, since this code is only enabled on future versions of Mac OS X.

Add a non-hash lookup for multiple character identifiers. This saves us from
adding repeated identifiers to the ParserArena's identifier list as people
tend to not start all their variables and properties with the same character
and happily identifier locality works in our favour.

Remove all knowledge of CachedResourceRequests from
CachedResourceLoader. This puts the full burden of
canceling these requests on DocumentLoader (via
SubresourceLoader), and makes a CachedResourceRequest
an OwnPtr in CachedResource.

Heap acts as a controller, responsible for managing the set of all
MarkedBlocks.

This is in preparation for moving parts of the controller logic into
separate helper classes that can act on arbitrary sets of MarkedBlocks
that may or may not be in NewSpace.

heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::destroy):
(JSC::Heap::allocate):
(JSC::Heap::markRoots):
(JSC::Heap::clearMarks):
(JSC::Heap::sweep):
(JSC::Heap::objectCount):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::collect):
(JSC::Heap::resetAllocator):
(JSC::Heap::allocateBlock):
(JSC::Heap::freeBlocks):
(JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
along with all functions that operate on the set of MarkedBlocks. Also
moved responsibility for deciding whether to allocate a new MarkedBlock,
and for allocating it.

Updated origin-clean-conformance.html to track upstream version in
Khronos repository. Added new layout tests mirroring those added
in bug 61015 which verify that new CORS support for images is
working in the context of WebGL.

No new tests. The problem can be reproduced by trying to create InspectorValue
from 1.0e-100 and call ->toJSONString() on this.

inspector/InspectorValues.cpp:
(WebCore::InspectorBasicValue::writeJSON):
Added checking the predicted buffer size and choosing exponential format, or
eventually "NaN" if the buffer is too small for decimal format.

Remove positionBeforeNextWord and positionAfterPreviousWord short-cuts. They try to find the
right word boundary (before the space or after the space) by using previousWordPosition and
nextWordPosition. But they assume words are separated by single space and are not correct
for words separated by multiple spaces and words not separated by space.

Consider positionBeforeNextWord() for example,

First, it checks whether the current position is after the current word by checking current
position's previousWordPosition's nextWordPosition is the same as current position, which is
wrong for words separated by multiple spaces. For example, given words A and B separated by
3 continuous spaces "A B", position "A|", "A |", and "A |" should all be considered as
position after current word. But for position "A |", its previousWordPosition's
nextWordPosition is position "A|", which is different from its current position, so the
current position is not considered as a position after current word, consequently,
instead of returning the right position as "A |B", positionBeforeNextWord returns the
position before next next word, as "A B |C". Similar happens for position "A |".

Second, given 3 Chinese words "ABC" that are not segmented by space, when cursor is at
"A|BC", positionBeforeNextWord() returns the same position after calling current position's
nextWordPosition's previousWordPosition. It should return position "AB|C".

For those cases, we will have to collect all the word breaks inside the box and look for
the one at left or right of current position.

​https://bugs.webkit.org/show_bug.cgi?id=62164
Remove "multi-threaded" logic in V8 DOMData, DOMDataStore and friends
This functionality is untested and unused:
This is old code from Lockers-based implementation of WebWorkers in
V8 bindings, to make sure that DOM objects are released on the right thread
even though GC could have happened on any thread. It is currently unused (since
current model is one worker per process) and is being removed because new implementation
of WebWorkers will be using V8 isolates.

It is possible that the application developers don't want to limit
zoom's center coordinate to the viewport for implementing some effects
and center coordinate out of the viewport does not affect the zoom operation.
So, it is better to leave zoom's center coordinate freely.

If a port doesn't want to give the user some configure options,
nevertheless it would have to define this feature as OFF. Otherwise
there's a build error because the generated cmakeconfig.h is not
parsed correctly by ENABLE macro, which expects each feature to be
either undefined or defined to TRUE/FALSE.

Source/cmake/WebKitFeatures.cmake: Use a variable with the same name
of the feature, which allows CONFIGURE_FILE() to replace it in the new
cmakeconfig.h.cmake.

Source/cmakeconfig.h.cmake: use #cmakedefine01 instead of #define
with another variable. This way the feature will always be 0 or 1 and
it will never be left undefined.

This change adds two SpellCheck API functions (addSpellcheckRange and
removeSpellcheckRange) and one attribute (spellcheckRange) discussed in
the public-webapps ML. This change is currently available only on Chromium.

StyleRareNonInheritedData's copy constructor omitted to copy
the m_content data, which caused us to detach and re-attach the renderer
at the start of the transition, thereby killing the transition.

Fix by making StyleRareNonInheritedData's copy ctor do the right thing.

Test: transitions/transition-on-element-with-content.html

rendering/style/ContentData.h:

rendering/style/ContentData.cpp:
(WebCore::ContentData::clone): New method to do a deep clone. (Can't use a copy
ctor because of the subclasses.)

rendering/style/CounterDirectives.h: Pack the data members to save space.
Add a clone() function for the HashMap.

rendering/style/CounterDirectives.cpp:
(WebCore::clone): Make a new HashMap and copy the contents over.

rendering/style/StyleRareNonInheritedData.cpp:
(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): Copy
the content and counter directives over.
(WebCore::StyleRareNonInheritedData::operator==): Rather than just comparing
for pointer equality, do a correct check for m_counterDirectives equality.
(WebCore::StyleRareNonInheritedData::counterDataEquivalent):

Adds a basic gesture recognizer to the Chromium platform. Adds an entry
point to the GestureRecognizer to reset any internal state on a page reset.
Resetting the gesture recognizer on page load is necessary for reliable
layout test execution and improves gesture recognizer operational
robustness.

Added an additional constructor to permit building a synthetic
PlatformWheelEvent.

Small modifications to the PlatformGestureRecognizer as required to
implement the simple Chromium platform gesture recognizer.

(-[WKResponderChainSink detach]):
This method formerly blindly assumed that since -initWithResponderChain: put self at the
end of the responder chain, after _lastResponderInChain, then self is still at the end
of the responder chain and still immediately after _lastResponderInChain. Made this function
robust against some kinds of responder chain manipulations, though it can't be robust against
some other kinds (e.g., manipulations that removed self from this chain and put it into some
other chain).

Remove our "detection" about the end of a scrub now that there is an explicit seek completion
handler available in AVFoundation. Move what we used to do upon detection in timeChanged()
into seekCompleted().

rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::clearContent):
(WebCore::RenderStyle::appendContent):
(WebCore::RenderStyle::setContent): Replace the overly complex prepareToSetContent()
code with code that either appends, or replaces the content.
This loses an optimization where the existing ContentData object could get reused,
but this seems to be rarely hit in practice.

Apparently we need to move the conditional block further out of the
nesting in order to see the branding variable. This patch also removes
the dummy branding variable I added to get the buildbot building again.

TiledDrawingArea: Delay serving tile requests when the drawing area is suspended.

Do not paint tiles when painting is disabled (suspended) on the web process side.
Buffer up the tile requests and paint them, when the drawing area gets resumed.
On the UI process side, do not block on tile updates, when the tiled area is
not visible (painting is disabled on the web process side).

This change allows fonts allocated as system fallback fonts to be
released. Previously, the reference counts for these fonts grew
without bound. This is implemented as an auto release class that wraps
accesses to the cache for system fallback fonts. All such accesses are
via the method FontCache::getFontDataForCharacters. The new class is
called FontCachePurgePreventer. When such an object exists, it protects
these fonts from deletion.

Most accesses to the font cache still use the reference counting
implemented by FontCache::getCachedFontData() and
FontCache::releaseFontData() and that operation is not affected by
this change.

Added local scoped instance of FontCachePurgePreventer to wrap code
that directly or indirectly accesses fonts via getFontDataForCharacters.
Did a few other miscellaneous bug fixes and changes to allow system
fallback fonts to be pruned from the GlyphPageTree. Changed the
calls to getFontData in the platform specific versions of
FontCache::getFontDataForCharacters to not increment the reference
count. Moved the purge font check
outside of FontCache::getCachedFontData() into a separate method,
purgeInactiveFontDataIfNeeded() since almost all calls to
getCachedFontData() now happen when purging is not allowed.
purgeInactiveFontDataIfNeeded is invoked in enablePurging() when
m_purgePreventCount is 0.

No new test as the functionality has not changed. Improved font life
cycle management.

platform/graphics/FontCache.cpp:
(WebCore::FontCache::FontCache):
(WebCore::FontCache::getCachedFontData):
Moved purge check to new method since it likely can't happen here.
(WebCore::FontCache::releaseFontData):
(WebCore::FontCache::purgeInactiveFontDataIfNeeded):
(WebCore::FontCache::purgeInactiveFontData):
Made purging conditional on m_purgePreventCount. Now some fonts
in the cache are reference counted while others can be purged
outside of code wrapped by in-scope FontCachePurgePreventer objects.

platform/graphics/wx/FontCacheWx.cpp:
(WebCore::FontCache::getFontDataForCharacters):
Changed the calls to getFontData() to not increment the reference
count. The caller of this getFontDataForCharacters() (currently only
Font::glyphDataForCharacter() in fontFastPath.cpp) and its callers
don't attempt to release the returned fonts so we use the purge
protection described above.

QML files cannot be loaded on Symbian due to difference
in capabilities between qmlwebkitplugin.dll and Qtwebkit.dll.
A PlatSec error that Qtwebkit.dll has "DRM AllFiles" capabilities
missing is observed when dynamically loading the QML plugin.

symbian/platformplugin/platformplugin.pro: Match capabilities with the other 2 DLLs.
Also remove TARGET.VID from platformplugin, as it's not used in any other Qt WebKit DLL,
and causes build warnings about undefined VENDOR_VID.

html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::disabled): Return our stylesheet's 'disabled' value or
false if we don't have a stylesheet.
(WebCore::HTMLLinkElement::setDisabled): Set our stylesheet's 'disabled' value or
ignore the call if we don't have a stylesheet.

html/HTMLLinkElement.h:

html/HTMLLinkElement.idl: Remove 'Reflect' as it is not a reflected attribute anymore in HTML5.
This matches the way FF4, Opera and IE9 handle the attribute.

The change to TestEventPrinter fixes a latent bug, because
objects are deleted through the TestEventPrinter type, but none
of the subclasses have destructors or non-POD members.

The changes to NotificationPresenter and WebViewHost do _not_ fix a
real bug, they just make clang's -Wdelete-non-virtual-dtor happy. As
discussed at http://codereview.chromium.org/7094005/, we prefer making
leaf class destructors virtual over making the leaf classes final.

In WebKit2 PluginPackage is used by the UI process to load plugins
in order to get information about them, but it doesn't use any GTK
symbol. So the UI process should be able to load plugins even when
building with GTK3, but we should not allow the plugin view to use
the plugin if it mixes GTK2 and GTK3 symbols.

plugins/PluginPackage.h:
(WebCore::PluginPackage::module): New method to return the
platform module.

Change JSC::initializeThreading() and WTF::initializeMainThread() to
WebCore::ScriptController::initializeThreading() which contains these
functions and remove JSC dependency to build webkit/efl with v8.

platform/chromium/PopupMenuChromium.cpp:
(WebCore::PopupContainer::showPopup): Set m_focusedNode from m_frameView.
(WebCore::PopupListBox::handleMouseReleaseEvent): Call dispatchMouseEvent to forward the event only if select popup.
(WebCore::PopupListBox::acceptIndex): Change to return accepted or not.

This fixes a real bug, since WebMediaPlayerClientImpl::putCurrentFrame
deletes a VideoFrameChromium subclass type through this interface
class, causing ~VideoFrameChromiumImpl's destructor not to run.
(VideoFrameChromiumImpl happens to not have a destructor or any
non-POD member variables, so it's more a latent bug.)

(WebKit::PDFViewController::findString):
Return kWKMoreThanMaximumMatchCount when appropriate, a la FindController::countStringMatches().
Also, skip counting all the matches if maxMatchCount is 0, to avoid (perhaps slowly) computing a
number that would be ignored.

This is _not_ to fix a real bug, just to make clang's
-Wdelete-non-virtual-dtor happy. As discussed at http://codereview.chromium.org/7094005/, we prefer making leaf class
destructors virtual over making the leaf classes final.

When an inline element has a right border/margin/padding and it has more than one descendant with no siblings,
the width of the right border/margin/padding should be included in line breaking calculation only once,
and not for each descendant.

Use SOCK_STREAM instead of SOCK_DGRAM sockets. Rework the message
receiver code to support stream sockets, since it requires to
handle message boundaries. The same code works for DGRAM sockets,
so this change shouldn't break other ports using DGRAM.

rendering/svg/SVGTextRunRenderingContext.cpp:
(WebCore::SVGTextRunWalker::walk): Bail early when from and to
are outside the text run boundary. This is hit easily after adding
the assert when from = to = end and read in run.data(from).

We're unskipping acid2.html even though it's just a landing
page for the acid2 test. Some elements of the test are loaded by
the landing page so it is testing something, but acid2-pixel covers the same
ground.

shouldFallBack() tells the DOM if it should attempt to render
the next nested <object> if its parent fails to load.

This fix is only required for the fast/css version of the ACID2
test, which loads a non-existent file:// url. The HTTP version of the
test already passes because the loader will render fallback content
on a failed HTTP load without delegating the decision to the client
(see MainResourceLoader::continueAfterContentPolicy).

Some ports also check for WebKitErrorPluginWillHandleLoad when deciding
what to return. This error isn't currently set by Qt so we don't check
it. (Other ports set it when the erring document is a MediaDocument, maybe
we should do that too at some point).

Add additional ChromeClient functions to indicate the beginning and end of
the various ScrollAnimator animations. Change existing notification that a
rubber-band has completed for the main frame to be triggered for all frames.

Stub out new ChromeClient functions regarding the start and end of ScrollAnimator
animated scrolls, and update logic for rubber-band ending to check for main frame
now that it is called for all frames.

css/html.css:
(input[type="button"], input[type="submit"], input[type="reset"]): Moved -webkit-file-upload-button to its own rule.
(input[type="file"]::-webkit-file-upload-button): Added and moved all previously hard-coded properties there.

Clang has grown a new warning that warns on |delete ptr| if ptr's
class is non-final, has virtual methods, but no virtual destructor.
This warning finds real bugs, so we want to keep it enabled. However,
it also warns about DataTransferItem[s]. Since these are subclassed,
they can't be made final, so make their destructors virtual. (Maybe
clang's warning even points out an actual bug here.)